Hi guys, I am working in a production environment and added a new application log source on QRadar so that its logs can be viewed in Log Activity. After properly configuring the log source, the logs are not incoming. Even though its entries are coming in accurately, which was confirmed with the database team, on QRadar the logs do not seem to be incoming.
What could be the reasons for this? Thank you.
You should probably clarify: by "application log source", do you mean Windows Event Viewer application logs? Or do you mean a custom application that is sending Syslog (RFC5424 or 3164), or is this JDBC, as you mentioned the database team?
I think it would be good for you to clarify the protocol type you are using for your log source. If you confirm the events are received, but seem to disappear from the UI, this could be a network issue where the NIC thinks the packets are being spoofed (martian packets).
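
One way to check the martian-packet hypothesis from the reply above, as an added example that is not part of the original thread: scan the receiving host's kernel log for martian drops that come from the log source's IP. It assumes a Linux receiver with martian logging enabled (`net.ipv4.conf.*.log_martians`); the host name, IP addresses and log lines are constructed sample data.

```python
import re
from collections import Counter

# The Linux kernel logs: "martian source <dst> from <src>, on dev <iface>".
# The first address is the packet's destination, the second is its source.
# Older kernels omit the "IPv4: " prefix, so the pattern does not require it.
MARTIAN_RE = re.compile(
    r"martian source (?P<dst>\d{1,3}(?:\.\d{1,3}){3}) "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3}), on dev (?P<dev>\S+)"
)


def martian_drops(lines, log_source_ip):
    """Count martian drops per (interface, destination) for one sender IP."""
    hits = Counter()
    for line in lines:
        m = MARTIAN_RE.search(line)
        if m and m.group("src") == log_source_ip:
            hits[(m.group("dev"), m.group("dst"))] += 1
    return hits


# Constructed sample kernel/syslog lines (documentation IP ranges).
SAMPLE = [
    "Mar  4 10:15:01 collector kernel: IPv4: martian source 198.51.100.20 from 192.0.2.45, on dev eth1",
    "Mar  4 10:15:01 collector kernel: ll header: 00000000: 52 54 00 aa bb cc 52 54 00 dd ee ff 08 00",
    "Mar  4 10:15:03 collector kernel: IPv4: martian source 198.51.100.20 from 192.0.2.45, on dev eth1",
    "Mar  4 10:15:09 collector kernel: martian source 198.51.100.20 from 203.0.113.7, on dev eth0",
    "Mar  4 10:15:12 collector sshd[811]: Accepted publickey for admin from 192.0.2.45 port 50122",
]

if __name__ == "__main__":
    # 192.0.2.45 stands in for the application log source's IP.
    for (dev, dst), count in martian_drops(SAMPLE, "192.0.2.45").items():
        print(f"{count} packet(s) to {dst} dropped as martian on {dev}")
```

Hits for the log source's IP mean the kernel is discarding its packets before the collector can read them, which matches events being sent but never showing up in the UI.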